Risk | High |
Patch available | YES |
Number of vulnerabilities | 56 |
CVE-ID | CVE-2024-25742 CVE-2024-36947 CVE-2024-36919 CVE-2024-36929 CVE-2024-36955 CVE-2023-52585 CVE-2024-36931 CVE-2024-27399 CVE-2024-36957 CVE-2024-26980 CVE-2024-27398 CVE-2024-36902 CVE-2024-36928 CVE-2024-36960 CVE-2024-36904 CVE-2024-27017 CVE-2024-36959 CVE-2024-36880 CVE-2024-26936 CVE-2024-36975 CVE-2023-52882 CVE-2024-35848 CVE-2024-36886 CVE-2024-36889 CVE-2024-27401 CVE-2024-36906 CVE-2024-36937 CVE-2024-36016 CVE-2024-36964 CVE-2024-36933 CVE-2024-36031 CVE-2024-36969 CVE-2024-36954 CVE-2024-26900 CVE-2024-26952 CVE-2024-36017 CVE-2024-35947 CVE-2024-36965 CVE-2023-52752 CVE-2024-36905 CVE-2024-36938 CVE-2024-36952 CVE-2024-36940 CVE-2024-36916 CVE-2024-38600 CVE-2024-36946 CVE-2024-36953 CVE-2024-36967 CVE-2024-26886 CVE-2024-36934 CVE-2024-36950 CVE-2024-36941 CVE-2024-36883 CVE-2024-36944 CVE-2024-36939 CVE-2024-36897 |
CWE-ID | CWE-94 CWE-401 CWE-667 CWE-388 CWE-476 CWE-125 CWE-193 CWE-416 CWE-399 CWE-682 CWE-200 CWE-20 CWE-362 CWE-119 CWE-908 CWE-787 CWE-269 CWE-369 CWE-415 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Ubuntu (Operating systems & Components / Operating system); linux-image-oracle (Ubuntu package) (Operating systems & Components / Operating system package or component); linux-image-5.15.0-1065-oracle (Ubuntu package) (Operating systems & Components / Operating system package or component) |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 56 vulnerabilities.
EUVDB-ID: #VU89087
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25742
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the remove_device_files() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36955
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the is_link_enabled() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91241
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90267
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the crw_inject_write() function in drivers/s390/cio/cio_inject.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26980
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92961
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36928
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93615
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27017
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to an incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c and within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36975
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90975
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ENDPROC() function in arch/arm/kernel/sleep.S. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36937
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
Description
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36969
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90468
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90317
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26952
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, and within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, and within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference in include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90273
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36916
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92360
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38600
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36967
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90200
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36944
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91223
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the construct_integrated_info() function in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-oracle-5.15 to the latest version.
Vulnerable software versions
Ubuntu: 20.04
linux-image-oracle (Ubuntu package): before 5.15.0.1065.71~20.04.1
linux-image-5.15.0-1065-oracle (Ubuntu package): before 5.15.0-1065.71~20.04.1
CPE2.3
http://ubuntu.com/security/notices/USN-6957-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.